Theforeman

Foreman

71 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.2%
  • Published 18.10.2017 14:29:00
  • Last modified 20.04.2025 01:37:25

Multiple cross-site scripting (XSS) vulnerabilities in Foreman before 1.5.2 allow remote authenticated users to inject arbitrary web script or HTML via the operating system (1) name or (2) description.

Exploit
  • EPSS 0.19%
  • Published 16.10.2017 18:29:00
  • Last modified 20.04.2025 01:37:25

Cross-site scripting (XSS) vulnerability in the search auto-completion functionality in Foreman before 1.4.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted key name.

  • EPSS 0.66%
  • Published 06.10.2017 15:29:00
  • Last modified 20.04.2025 01:37:25

The LDAP Authentication functionality in Foreman might allow remote attackers with knowledge of old passwords to gain access via vectors involving the password lifetime period in Active Directory.

  • EPSS 0.43%
  • Published 25.09.2017 17:29:00
  • Last modified 20.04.2025 01:37:25

Cross-site scripting (XSS) vulnerability in Foreman 1.7.0 and after.

  • EPSS 0.24%
  • Published 17.07.2017 13:18:04
  • Last modified 20.04.2025 01:37:25

Foreman after 1.1 and before 1.9.0-RC1 does not redirect HTTP requests to HTTPS when the require_ssl setting is set to true, which allows remote attackers to obtain user credentials via a man-in-the-middle attack.

  • EPSS 0.31%
  • Published 26.05.2017 16:29:00
  • Last modified 20.04.2025 01:37:25

Foreman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who are assigned to some organization(s) can do all operations granted by these permissions on all administrator user objec...

  • EPSS 0.34%
  • Published 19.08.2016 21:59:15
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in app/assets/javascripts/host_edit_interfaces.js in Foreman before 1.12.2 allows remote authenticated users to inject arbitrary web script or HTML via the network interface device identifier in the host inter...

  • EPSS 0.54%
  • Published 19.08.2016 21:59:14
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in app/helpers/form_helper.rb in Foreman before 1.12.2, as used by Remote Execution and possibly other plugins, allows remote attackers to inject arbitrary web script or HTML via the label parameter.

  • EPSS 0.45%
  • Published 19.08.2016 21:59:11
  • Last modified 12.04.2025 10:46:40

Foreman before 1.11.4 and 1.12.x before 1.12.1 allow remote authenticated users with the view_hosts permission containing a filter to obtain sensitive network interface information via a request to API routes beneath "hosts," as demonstrated by a GET...

  • EPSS 0.25%
  • Published 19.08.2016 21:59:10
  • Last modified 12.04.2025 10:46:40

Foreman before 1.11.4 and 1.12.x before 1.12.1 does not properly restrict access to preview provisioning templates, which allows remote authenticated users with permission to view some hosts to obtain sensitive host configuration information via a UR...